There’s also IPC::Run which will let you drive a subprocess while looking for responses with regexen.
And seconding being careful locking down what can be run especially something accessible via a web server. Might even consider a harder separation like maybe enqueuing requests that something else (not running as your httpd user) then runs with the elevated access separately (Minion, or dropping in a db, or a file in a directory monitored by something to run things, …).
The cake is a lie.
The cake is a lie.
The cake is a lie.